<!DOCTYPE html>
<html>
	<head>
		<meta charset="utf-8">
		<title>Document </title>
		<link href="https://cdn.bootcdn.net/ajax/libs/normalize/8.0.1/normalize.css" rel="stylesheet">

		<link rel="stylesheet" href="css/main.css">
	</head>

	<body>

		<!-- 网站 左边 -->
		<div class="side-bar">

			<div class="header">
				<a href="index.html" class="logo"> 王花花 主页</a>
				<div class="intro">Hi I am whh. Welcome to visit me.</div>

			</div>
			<div class="nav">
				<a href="#" class="item">个人中心</a>
				<a href="#" class="item">内容管理</a>
				<a href="#" class="item">学习平台</a>
				<a href="#" class="item">我的钱包</a>
				<a href="" class="item">我的认证</a>
				<a href="" class="item">联系我</a>
			</div>
			<div class="tag-list">
				<a href="#" class="item"># python基础</a>
				<a href="#" class="item"># javascript学习笔记</a>
				<a href="#" class="item"># flask 入门</a>
				<a href="#" class="item"># ES6特性</a>

			</div>

		</div>
		<!-- 网站 左边  结束-->

		<!-- 网站右边 -->
		<div class="main">


			<div class="article">

				<h1 class="title">Refreshing Tokens
				</h1>
				<div class="status">发布于:2020-03-15 | 阅读: 9882 | 收藏:600 | 赞:10</div>
				<div class="content">

					<p>
						Refreshing Tokens
						In most web applications, it would not be ideal if a user was logged out in the middle of doing
						something because their JWT expired. Unfortunately we can’t just change the expires time on a
						JWT on each request, as once a JWT is created it cannot be modified. Lets take a look at some
						options for solving this problem by refreshing JWTs.

					</p>

					<p>
						Implicit Refreshing With Cookies
						One huge benefit to storing your JWTs in cookies (when your frontend is a website) is that the
						frontend does not have to handle any logic when it comes to refreshing a token. It can all
						happen implicitly with the cookies your Flask application sets.
					</p>

					<p>
						The basic idea here is that at the end of every request, we will check if there is a JWT that is
						close to expiring. If we find a JWT that is nearly expired, we will replace the current cookie
						containing the JWT with a new JWT that has a longer time until it expires.

					</p>


					<p>
						This is our recommended approach when your frontend is a website.

					</p>



					<p>
						Explicit Refreshing With Refresh Tokens
						Alternatively, this extension comes out of the box with refresh token support. A refresh token
						is a long lived JWT that can only be used to creating new access tokens.

					</p>



					<p>

						You have a couple choices about how to utilize a refresh token. You could store the expires time
						of your access token on your frontend, and each time you make an API request first check if the
						current access token is near or already expired, and refresh it as needed. This approach is
						pretty simple and will work fine in most cases, but do be aware that if your frontend has a
						clock that is significantly off, you might run into issues.
					</p>


					<p>

						An alternative approach involves making an API request with your access token and then checking
						the result to see if it worked. If the result of the request is an error message saying that
						your token is expired, use the refresh token to generate a new access token and redo the request
						with the new token. This approach will work regardless of the clock on your frontend, but it
						does require having some potentially more complicated logic.
					</p>
					<p>
						Using refresh tokens is our recommended approach when your frontend is not a website (mobile,
						api only, etc).

					</p>
					<p>
						Using refresh tokens is our recommended approach when your frontend is not a website (mobile,
						api only, etc).

					</p>

					<p>
						Using refresh tokens is our recommended approach when your frontend is not a website (mobile,
						api only, etc).

					</p>
					<p>
						Using refresh tokens is our recommended approach when your frontend is not a website (mobile,
						api only, etc).

					</p>
					<p>
						Using refresh tokens is our recommended approach when your frontend is not a website (mobile,
						api only, etc).

					</p>
					<p>
						Using refresh tokens is our recommended approach when your frontend is not a website (mobile,
						api only, etc).

					</p>
					<p>
						Using refresh tokens is our recommended approach when your frontend is not a website (mobile,
						api only, etc).

					</p>
					<p>
						Using refresh tokens is our recommended approach when your frontend is not a website (mobile,
						api only, etc).

					</p>
					<p>
						Using refresh tokens is our recommended approach when your frontend is not a website (mobile,
						api only, etc).

					</p>
					<p>
						Using refresh tokens is our recommended approach when your frontend is not a website (mobile,
						api only, etc).

					</p>
					<p>
						Using refresh tokens is our recommended approach when your frontend is not a website (mobile,
						api only, etc).

					</p>
					<p>
						Using refresh tokens is our recommended approach when your frontend is not a website (mobile,
						api only, etc).

					</p>

					<p>
						Using refresh tokens is our recommended approach when your frontend is not a website (mobile,
						api only, etc).

					</p>


					<p>
						Using refresh tokens is our recommended approach when your frontend is not a website (mobile,
						api only, etc).

					</p>

					<p>
						Using refresh tokens is our recommended approach when your frontend is not a website (mobile,
						api only, etc).

					</p>
				</div>

			</div>





		</div>
		<!-- 网站右边 结束 -->

	</body>
</html>
